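I want to enforce the rule that every (human) user must open a pull request (PR) to change anything on a protected branch, while the workflow that releases a new version can still bump the version number on that same protected branch.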
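Branch protection is already set up, and the "Include administrators" checkbox is ticked as well. So nobody can push to that branch by accident.
Now, when I try to push something from the workflow, I get the same error message a user would get.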
name: Build pipeline
"on":
  push:
    branches:
      - 'master'
defaults:
  run:
    shell: bash
jobs:
  release:
    runs-on:
      - self-hosted
      - default-runner
    needs: []
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
        with:
          fetch-depth: 0
          clean: true
      - name: demo push
        if: github.ref == 'refs/heads/dev'
        run: |
          git config --global user.email "runner@xxx.com"
          git config --global user.name "Github Actions Runner"
          # normally we would generate the release notes here etc, increase the version,... though lets keep the example simple
          date >> test.txt
          git add test.txt
          git commit -m "test2" test.txt
          git push
When the job is set up, the job's permissions are printed:
GITHUB_TOKEN Permissions
Actions: write
Checks: write
Contents: write
Deployments: write
Discussions: write
Issues: write
Metadata: read
Packages: write
PullRequests: write
RepositoryProjects: write
SecurityEvents: write
Statuses: write
The step then fails with the following output:
user.email=runner@xxx.com
user.name=Github Actions Runner
core.repositoryformatversion=0
core.filemode=true
core.bare=false
core.logallrefupdates=true
remote.origin.url=https://github.xxx.com/xx/xxx
remote.origin.fetch=+refs/heads/*:refs/remotes/origin/*
gc.auto=0
http.https://github.xxx.com/.extraheader=AUTHORIZATION: basic ***
branch.dev.remote=origin
branch.dev.merge=refs/heads/dev
[dev 7ddff59] test2
1 file changed, 1 insertion(+)
create mode 100644 test.txt
remote: error: GH006: Protected branch update failed for refs/heads/dev.
remote: error: You're not authorized to push to this branch. Visit https://docs.github.com/enterprise/3.2/articles/about-protected-branches/ for more information.
To https://github.xxx.com/xx/xxx
! [remote rejected] dev -> dev (protected branch hook declined)
error: failed to push some refs to 'https://github.xxx.com/xx/xxx'
Error: Process completed with exit code 1.
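So the question is: how can I force human users to open a PR and go through review and checks before merging, while the workflow can operate on the (protected) branch directly?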
if: github.event.commits[0].author.name != 'Github Actions Runner'
- Toomy